Xen is an open-source type-1 or baremetal hypervisor, which makes it possible to run many instances of an operating system or indeed different operating systems in parallel on a single machine (or host). Xen is the only type-1 hypervisor that is available as open source. Xen is used as the basis for a number of different commercial and open source applications, such as: server virtualization, Infrastructure as a Service (IaaS), desktop virtualization, security applications, embedded and hardware appliances.

Introduction

The Xen hypervisor is a thin layer of software which emulates a computer architecture allowing multiple operating systems to run simultaneously. The hypervisor is started by the boot loader of the computer it is installed on. Once the hypervisor is loaded, it starts the "dom0" (short for "domain 0", sometimes called the host or privileged domain) which in our case runs Arch Linux. Once the dom0 has started, one or more "domUs" (short for user domains, sometimes called VMs or guests) can be started and controlled from the dom0. Xen supports both paravirtualized (PV) and hardware virtualized (HVM) domUs. See Xen.org for a full overview.

System requirements

The Xen hypervisor requires kernel level support which is included in recent Linux kernels and is built into the linux and linux-lts Arch kernel packages. To run run HVM domUs the physical hardware must have either Intel VT-x or AMD-V (SVM) virtualization support. In order to verify this, run the following command when the Xen hypervisor is not running:

grep -E "(vmx|svm)" --color=always /proc/cpuinfo

If the above command does not produce output, then hardware virtualization support is unavailable and your hardware is unable to run HVM domUs. If you believe the CPU supports one of these features you should access the host system's BIOS configuration menu during the boot process and look if options related to virtualization support have been disabled. If such an option exists and is disabled, then enable it, boot the system and repeat the above command. The Xen hypervisor also supports PCI passthrough where PCI devices can be passed directly to the domU even in the absence of dom0 support for the device. In order to use PCI passthrough the CPU must support IOMMU/VT-d.

Configuring dom0

The Xen hypervisor relies on a full install of the base operating system. Before attempting to install the Xen hypevisor, the host machine should have a fully operational and up-to-date install of Arch Linux. This installation can be a minimal install with only the base package and does not require a Desktop Environment or even Xorg. If you are building a new host from scratch, see the Installation Guide for instructions on installing Arch Linux. The following configuration steps are required to convert a standard installation into a working dom0 running on top of the Xen hypevisor:

Installation of the Xen hypervisor

Modification of the bootloader to boot the Xen hypervisor

Creation of a network bridge

Installation of Xen systemd services

Installation of the Xen hypervisor

To install the Xen hypervisor install either the current stable xenAUR or the bleeding edge unstable xen-hg-unstableAUR packages available in the Arch User Repository. Both packages provide the Xen hypervisor, current xl interface and all configuration and support files, including systemd services. The multilib repository to be enabled to install Xen (See Pacman#Repositories for details). Install the xen-docsAUR package from the Arch User Repository for the man pages and documentation.

Modification of the bootloader

The boot loader must be modified to load a special Xen kernel (xen.gz) which is then used to boot the normal kernel. To do this a new bootloader entry is needed.

For grub users, the Xen package provides the /etc/grub.d/09_xen generator file. This file can be edited to customize the Xen boot commands, and will add the required bootloader when the following command is run:

Creation of a network bridge

Xen requires that network communications between domUs and the dom0 (and beyond) be set up manually. The use of both DHCP and static addressing is possible, and the choice should be determined by the network topology. Complex setups are possible, see the Networking article on the Xen wiki for details and /etc/xen/scripts for scripts for various networking configurations. A basic bridged network, in which a virtual switch is created in dom0 that every domU is attached to, can be setup by modifying the example configuration files provided by Netctl in etc/netctl/examples. By default, Xen expects a bridge to exist named xenbr0. To set this up with netctl, do the following:

# cd /etc/netctl
# cp examples/bridge xenbridge-dhcp

make the following changes to xenbridge-dhcp:

Description="Xen bridge connection"
Interface=xenbr0
Connection=bridge
BindsToInterface=(eth0) # Use the name of the external interface found with the 'ip link' command
IP=dhcp

Of course, the Mem, VCPUs and Time columns will be different depending on machine configuration and uptime. The important thing is that dom0 is listed.

In addition to the required steps above, see best practices for running Xen which includes information on allocating a fixed amount of memory and how to dedicate (pin) a CPU core for dom0 use. It also may be beneficial to create a xenfs filesystem mount point by including in /etc/fstab

none /proc/xen xenfs defaults 0 0

Using Xen

Xen supports both paravirtualized (PV) and hardware virtualized (HVM) domUs. In the following sections the steps for creating HVM and PV domUs running Arch Linux are described. In general, the steps for creating an HVM domU are independent of the domU OS and HVM domUs support a wide range of operating systems including microsot Windows. To use HVM domUs the dom0 hardware must have virtualization support. Paravirtualized domUs do not require virtualization support, but instead require modifications to the guest operating system making the installation procedure different for each operating system (see the Guest Install page of the Xen wiki for links to instructions). Some operating systems (e.g., Microsoft Windows) cannot be installed as a PV domU. In general, HVM domUs often run slower than PV domUs since HVMs run on emulated hardware. While there are some common steps involved in setting up PV and HVM domUs, the processes are substantially different. In both cases, for each domU, a "hard disk" will need to be created and a configuration file needs to be written. Additionally, for installation each domU will need access to a copy of the installation ISO stored on the dom0 (see the Download Page to obtain the Arch Linux ISO).

Create a domU configuration

Each domU requires a separate configuration file that is used to create the virtual machine. Full details about the configuration files can be found at the Xen Wiki or the xl.cfg man page. Both HVM and PV domUs share some components of the configuration file. These include

The name= is the name by which the xl tools manage the domU and needs to be unique across all domUs. The disk= includes information about both the the installation media (file:) and the partition created for the domU phy. If an image file is being used instead of a physical partition, the phy: needs to be changed to file:. The vif= defines a network controller. The 00:16:3e MAC block is reserved for Xen domains, so the last three digits of the mac= must be randomly filled in (hex values 0-9 and a-f only).

Managing a domU

If a domU should be started on boot, create a symlink to the configuration file in /etc/xen/auto and ensure the xendomains service is set up correctly. Some useful commands for managing domUs are:

Since HVM machines do not have a console, they can only be connected to via a vncviewer. The configuration file allows for unauthenticated remote access of the domU vncserver and is not suitable for unsecured networks. The vncserver will be available on port 590X, where X is the value of vncdisplay, of the dom0. The domU can be created with:

# xl create /path/to/config/file

and its status can be checked with

# xl list

Once the domU is created, connect to it via the vncserver and install Arch Linux as described in the Installation Guide.

This file needs to tweaked for your specific use. Most importantly, the archisolabel=ARCH_201301 line must be edited to use the release year/month of the ISO being used. If you want to install 32-bit Arch, change the kernel and ramdisk paths from /x86_64/ to /i686/.

Before creating the domU, the installation ISO must be loop-mounted. To do this, ensure the directory /mnt exists and is empty, then run the following command (being sure to fill in the correct ISO path):

# mount -o loop /path/to/iso /mnt

Once the ISO is mounted, the domU can be created with:

# xl create -c /path/to/config/file

The -c option will enter the domU's console when successfully created and install Arch Linux as described in the Installation Guide. There will be a few deviations, however. The block devices listed in the disks line of the cfg file will show up as /dev/xvd*. Use these devices when partitioning the domU. After installation and before the domU is rebooted, the xen-blkfront xen-fbfront xen-netfront xen-kbdfront modules must be added to Mkinitcpio. Without these modules, the domU will not boot correctly. For booting, it is not necessary to install Grub. Xen has a Python-based grub emulator, so all that is needed to boot is a grub.cfg file: (It may be necessary to create the /boot/grub directory)

This file must be edited to match the UUID of the root partition. From within the domU, run the following command:

# blkid

Replace all instances of __UUID__ with the real UUID of the root partition (the one that mounts as "/").

Shutdown the domU with the poweroff command. The console will be returned to the hypervisor when the domain is fully shut down, and the domain will no longer appear in the xl domains list. Now the ISO file may be unmounted:

# umount /mnt

The domU cfg file should now be edited. Delete the "kernel = ", "ramdisk = ", and "extra = " lines and replace them with the following line:

bootloader = "pygrub"

Also remove the ISO disk from the "disk = " line.

The Arch domU is now set up. It may be started with the same line as before:

# xl create -c /etc/xen/archdomu.cfg

Common Errors

'xl list' complains about libxl

- Either you have not booted into the Xen system, or xen modules listed in xencommons script are not installed

xl create fails

- check the guest's kernel is located correctly, check the pv-xxx.cfg file for spelling mistakes (like using initrd instead of ramdisk)

Arch linux guest hangs with a ctrl-d message

- press ctrl-d until you get back to a prompt, rebuild its initramfs described

Error message "failed to execute '/usr/lib/udev/socket:/org/xen/xend/udev_event' 'socket:/org/xen/xend/udev_event': No such file or directory"

- caused by /etc/udev/rules.d/xend.rules; xend is (a) deprecated and (b) not used, so it is safe to remove xend.rules